package com.bibimaya.auto.mapper.dao.utils;

import java.util.regex.Pattern;

/**
 * Created by lijianwei
 */
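public class SqlSecurityUtil {

    /**
     * Deny-list expression matched case-insensitively against a value.
     *
     * <p>It flags a single quote, a {@code --} sequence, a terminated
     * {@code /* ... *}{@code /} block comment, or any of the listed SQL
     * keywords appearing as a whole word.
     */
    public static final String reg =
            "(?:')|(?:--)"
            // [\s\S] replaces the original (?:.|[\n\r]) group: java.util.regex matches a
            // repeated alternation group recursively, so a long value after "/*" could
            // end in StackOverflowError instead of a verdict.
            + "|(/\\*[\\s\\S]*?\\*/)"
            // "truncate" was missing (only the misspelling "trancate" was listed); the
            // misspelling is kept so nothing that was rejected before is accepted now.
            + "|(\\b(select|update|and|or|delete|insert|truncate|trancate|char|into|substr|ascii"
            + "|declare|exec|count|master|drop|execute)\\b)";

    /** Compiled, case-insensitive form of {@link #reg}; safe to share between threads. */
    public static final Pattern sqlPattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);

    /**
     * Reports whether a value is free of the tokens listed in {@link #reg}.
     *
     * <p>This is a keyword deny-list and nothing more. It rejects legitimate text
     * (for example a name containing an apostrophe, or the words "and" / "or") and
     * it only recognises the tokens it lists, so a {@code true} result is not a
     * guarantee that the value is harmless inside a SQL statement. Values should
     * still be bound as statement parameters; identifiers that cannot be bound
     * (column or table names) are better checked against an explicit allow-list.
     *
     * @param value the text to inspect; {@code null} is treated as not safe so that
     *              a missing value never passes the check
     * @return {@code true} when no listed token is found, {@code false} when one is
     *         found or when {@code value} is {@code null}
     */
    public static boolean isSecurity(String value) {
        // Fail closed: the original threw NullPointerException here.
        if (value == null) {
            return false;
        }
        // SQL filter: any deny-listed token anywhere in the value marks it unsafe.
        return !sqlPattern.matcher(value).find();
    }

}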
